Security - Manual Exploitation?

SephStorm Member Posts: 1,731
All,

Many of us are familiar with Metasploit and its point-and-click exploitation capability. However, we also know that many updated exploits may not be in Metasploit for whatever reason. If you find an exploit online, you may want to use it. Now I know Metasploit can import exploits, but I'm sure that process is somewhat involved, and I will get into that later. When I watched Vivek's MSFE video, I believe at one point he downloads and compiles an MS03-026 exploit and manually points it at the target and exploits it. Is this a common functionality? Is this commonly how exploits are manually launched, or is everything imported into MSF?

Comments

  • wes allen Member Posts: 540
    I am far from an expert, but I think most exploits start as PoC code in either C, Python, Ruby, Perl, etc., and only a fraction end up in MSF. Browse http://www.exploit-db.com/ and you will find lots of non-MSF exploits. OSCP focuses mostly on non-MSF stuff.

    EDIT: As an example, here is Python code for MS08-067: http://www.exploit-db.com/exploits/7132/
  • NovaHax Member Posts: 502
    Yeah, what Wes said. Metasploit is great because it standardizes everything... but most exploits start out first as PoC scripts (exploit-db is pretty much the authoritative source). These scripts can often require significant modifications to make them actually useful. Many will have hardcoded IP addresses and ports, hardcoded credentials, useless shellcode (like opening calc.exe), etc.
  • SephStorm Member Posts: 1,731
    So unless you know coding and can get the code working, there's no way to send the code to a system?
  • wes allen Member Posts: 540
    Many times you just need to make simple changes that don't really require much programming, like swapping out the shellcode for something specific to your host (like where to send a reverse shell). You just use something like msfvenom to output the shellcode, then replace the shellcode in the exploit. It gets tricky if there is a size limit, though. Also, different OS patch levels can mean different memory addresses, so you have to be able to find the correct addresses and then make changes, which doesn't really take a lot of programming, but you do need to understand assembly and debuggers.
  • SephStorm Member Posts: 1,731
    lol, definitely not there yet. I've decided to take a step back and focus on my original goal for the moment.
  • veritas_libertas Member Posts: 5,746
    Something I'm learning quickly is that in order to be good at Information Security you must understand programming. You don't have to be great at it, but you must have at least a beginner's knowledge. This is why I'm trying to teach myself Python and then move onto C.